github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 14:04:54 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
b614fa7eec
linux/drivers/misc
History
Gustavo A. R. Silva b61865ef9b drivers/misc/sgi-gru: fix Spectre v1 vulnerability 
commit fee05f455c upstream.

req.gid can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

vers/misc/sgi-gru/grukdump.c:200 gru_dump_chiplet_request() warn:
potential spectre issue 'gru_base' [w]

Fix this by sanitizing req.gid before calling macro GID_TO_GRU, which
uses it to index gru_base.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-27 16:08:02 +01:00
..
altera-stapl
c2port drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of IS_ERR() 2017-06-26 07:13:10 +02:00
cb710
cxl cxl: Check if vphb exists before iterating over AFU devices 2017-12-25 14:22:08 +01:00
echo
eeprom eeprom: at24: check at24_read/write arguments 2017-12-05 11:22:51 +01:00
genwqe signal/GenWQE: Fix sending of SIGKILL 2018-11-21 09:27:34 +01:00
ibmasm ibmasm: don't write out of bounds in read handler 2018-07-17 11:31:42 +02:00
lis3lv02d
mei mei: bus: type promotion bug in mei_nfc_if_version() 2018-09-26 08:35:10 +02:00
mic misc: mic: SCIF Fix scif_get_new_port() error handling 2018-09-19 22:48:56 +02:00
sgi-gru drivers/misc/sgi-gru: fix Spectre v1 vulnerability 2018-11-27 16:08:02 +01:00
sgi-xp
ti-st misc: ti-st: Fix memory leak in the error path of probe() 2018-09-19 22:48:57 +02:00
vmw_vmci vmci: type promotion bug in qp_host_get_user_memory() 2018-10-10 08:52:03 +02:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors 2016-05-04 14:48:52 -07:00
ad525x_dpot.h
apds990x.c
apds9802als.c
arm-charlcd.c
atmel_tclib.c
atmel-ssc.c misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data 2018-11-27 16:08:02 +01:00
bh1770glc.c
bh1780gli.c
bmp085-i2c.c
bmp085-spi.c
bmp085.c
bmp085.h
cs5535-mfgpt.c
ds1682.c
dummy-irq.c
enclosure.c scsi: ses: don't get power status of SES device slot on probe 2018-03-22 09:23:24 +01:00
fsa9480.c
hmc6352.c misc: hmc6352: fix potential Spectre v1 2018-09-26 08:35:07 +02:00
hpilo.c
hpilo.h
ics932s401.c
ioc4.c
isl29003.c
isl29020.c
Kconfig
kgdbts.c
lattice-ecp3-config.c
lkdtm.c
Makefile
pch_phub.c
phantom.c
pti.c
qcom-coincell.c
spear13xx_pcie_gadget.c
sram.c
ti_dac7512.c
tifm_7xx1.c
tifm_core.c
tsl2550.c tsl2550: fix lux1_input error in low light 2018-10-10 08:52:03 +02:00
vexpress-syscfg.c
vmw_balloon.c vmw_balloon: include asm/io.h 2018-09-19 22:48:59 +02:00